Amazon now supports signing in to apps, sites with your Amazon ID

Using a new API announced by Amazon Web Services, developers can use Amazon.com, Facebook, or Google's sign-in systems for their cloud-based apps.

Perhaps more importantly for end users, Amazon Web Services has also integrated the recently announced Login with Amazon, a free service that lets third party apps and websites use the online retail giant's system for authenticating users. Login with Amazon eliminates the need for users to create a new account and password for each site, and instead allows them to sign in using their existing Amazon account information, Amazon said.

Amazon calls the concept web identity federation, and the new AWS Security Token Service (STS) API (application programming interface) simplifies the development process by letting users integrate web-based sign-in platforms with their apps without having to write any server-side code, according to Amazon.

The API -- which is called AssumeRoleWithWebIdentity -- requests temporary security credentials for users that have been authenticated using one of the three public identity providers. An app can then use the temporary credentials to access AWS resources such as Simple Storage Service (S3) objects, DynamoDB tables, or Simple Queue Service queues.

A smartphone app can store player and score information in an Amazon S3 bucket or an Amazon DynamoDB table, according to Amazon. Because the app needs to be able to distinguish individual users, users cannot be anonymous, it said.

When a user signs in, the authentication process for the chosen identity provider is invoked. How this works depends on the identity provider and the underlying platform. For example, an Android app can use a different way to authenticate than an iOS app or a JavaScript-based web app, according to Amazon. In general, the authentication process returns a token to the app that represents the authenticated user. Depending on what the provider shows and the user is willing to share, developers might be able to access more information that can be used by the app, Amazon said.

To help developers get started, Amazon has published an article entitled "Creating temporary security credentials for mobile apps using identity providers" on the AWS documentation website, which includes code examples.